CVE-2025-46656

Summary

python-markdownify (aka markdownify) before 0.14.1 allows large headline prefixes such as <h9999999> in addition to <h1> through <h6>. This causes memory consumption.

Affected Software

VendorProductVersion RangeStatus
python-markdownifypython-markdownify0 < 0.14.1affected

Weaknesses

  • CWE-1284: CWE-1284 Improper Validation of Specified Quantity in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References